Call us now
Book an appointment
Contact us via WhatsApp

Privacy policy

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Privacy Policy | Dr. Salah Kary

Privacy Policy

Dr. Salah Kary drsalahkary.com Effective Date: January 23, 2026 Last Updated: January 23, 2026

1. Introduction & Controller Information

This Privacy Policy ("Policy") explains how Dr. Salah Kary ("we," "us," "our," or "Controller") collects, uses, discloses, and otherwise processes personal data through our website located at drsalahkary.com ("Website"). We are committed to protecting your privacy and ensuring transparency in how we handle your information in compliance with the Saudi Arabia Personal Data Protection Law (PDPL) and applicable healthcare regulations.

Data Controller Details

Element Information
Business NameDr. Salah Kary
Professional TitleSenior Consultant Interventional Radiologist
Business TypeSole Medical Practice
Websitedrsalahkary.com
Emailinfo@salahkary.com
WhatsApp+966 53 399 4880
Mailing AddressSaudi Arabia, Jeddah123
Office Hours Monday–Friday: 9:00 AM to 5:00 PM (Jeddah Time)
Closed Saturday and Sunday

Dr. Salah Kary holds the following professional qualifications and credentials: MD, FRCPC (Fellow Royal College of Physicians of Canada), and EMBA. As a Senior Consultant Interventional Radiologist, all services offered are subject to applicable Saudi healthcare regulations and professional standards.

2. Scope & Applicability

This Privacy Policy applies to all visitors and users of drsalahkary.com ("Users," "you," or "your"). By accessing, browsing, or using our Website in any manner, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

  • Geographic Scope: This Website is offered to and intended for residents and patients in Saudi Arabia. We do not knowingly offer services to individuals outside the Kingdom of Saudi Arabia.
  • Age Eligibility: This Website is intended for users who are 18 years of age or older. By using the Website, you represent that you are at least 18 years old or have obtained parental or guardian consent.
  • Language: This Policy is provided in English. If translated into Arabic or other languages for convenience, the English version shall be controlling in case of discrepancy.
  • Updates to Scope: We reserve the right to modify the geographic scope or eligibility criteria at any time by updating this Policy. Continued use of the Website constitutes acceptance.

3. Legal Basis & Regulatory Framework

Our collection and processing of personal data is conducted in strict compliance with the following regulatory frameworks:

Saudi Arabia Personal Data Protection Law (PDPL)

  • Royal Decree No. M/19 dated September 16, 2021
  • Amended by Royal Decree No. M/148 dated March 27, 2023
  • Enforcement commenced: September 14, 2023
  • Full compliance required by: September 14, 2024
  • Regulator: Saudi Data & AI Authority (SDAIA)

The PDPL is Saudi Arabia's primary legislation governing collection, processing, use, and disclosure of personal data. It establishes rights for data subjects and obligations for data controllers and processors.

Law of Practicing Healthcare Professions

Saudi regulations governing medical practice require healthcare professionals to comply with professional standards, maintain patient confidentiality, obtain informed consent, and adhere to medical ethics principles. Dr. Salah Kary operates under these requirements as licensed by the Saudi Commission for Health Specialties (SCFHS).

Health Information Protection Standards

Under PDPL Articles 23 and 26, health information and medical data are classified as sensitive personal data and receive enhanced protection, including:

  • Explicit consent for processing
  • Limited collection (necessity principle)
  • Restricted access and use
  • Enhanced security safeguards
  • Prohibition on transfer without justified legal basis

SDAIA Oversight

SDAIA serves as the regulatory authority responsible for PDPL enforcement and provides guidance on compliance standards. For more information, visit www.sdaia.gov.sa.

4. Information We Collect

4.1 Personal Data Collected Directly

We collect personal data directly from you when you voluntarily submit the Contact Us form on our Website to inquire about appointment booking. The information we collect includes:

Data Field Requirement Purpose
Full NameRequiredTo identify you and respond to your inquiry
Phone NumberRequiredTo contact you regarding your appointment request
Email AddressOptionalAlternative method of communication for appointment confirmation

All personal data collected through the contact form is processed only for the purpose of responding to your appointment inquiry.

Important Note on Health Information: If you voluntarily provide any health-related information in your inquiry message or attachments, it will be treated as sensitive personal data under PDPL Article 23 and protected with enhanced security measures.

4.2 Automatically Collected Information

When you visit our Website, certain information is automatically collected through technical means:

  • IP Address & Device Information: IP address, browser type/version, device type, operating system, device identifiers
  • Website Usage Data: pages visited, time spent, links clicked, referral sources, search queries (if applicable), downloads (if applicable)
  • Cookies & Tracking Technologies: unique identifiers, session data, Webflow platform tracking

4.3 Google Analytics Data

Upon implementation of Google Analytics, the following information may be collected:

  • Anonymized user IDs and session IDs
  • Page views and user journey tracking
  • Bounce rate and session duration
  • Traffic sources
  • Geographic location (city/region level only)
  • Device categories and OS information

Collection Method: Google Analytics operates through cookies and pixel tracking. No collection occurs until you provide explicit consent via our cookie consent banner (see Section 12).

4.4 WhatsApp Communication Data

  • Your name and phone number (as provided to Meta/WhatsApp)
  • Message content and attachments
  • Timestamp of communications
  • Metadata regarding message delivery and read status

WhatsApp employs end-to-end encryption for messages. However, Meta (WhatsApp's parent company) processes certain metadata as per their privacy policy.

4.5 What We Do NOT Collect

  • ❌ Medical histories or comprehensive health records
  • ❌ Insurance information or payment details
  • ❌ Credit card or banking information (no payments processed via Website)
  • ❌ Passport or national ID numbers
  • ❌ Biometric data or genetic information
  • ❌ Financial data beyond appointment-related information
  • ❌ Location data (precise GPS tracking disabled)
  • ❌ Video or audio recordings (without explicit separate consent)
  • ❌ Family or dependent information (unless voluntarily provided)

5. How We Use Your Information

We use personal data collected through our Website for the following purposes:

5.1 Appointment Inquiry Processing

  • Acknowledge receipt of your inquiry
  • Contact you to discuss availability and scheduling
  • Provide information about services and consultation procedures
  • Confirm appointment details and office hours

Duration: Active processing until appointment is scheduled or you withdraw your inquiry.

5.2 Communication & Contact

  • Responding to questions or inquiries
  • Sending appointment reminders and confirmations
  • Notifying you of cancellations or rescheduling
  • Providing updates related to your consultation request

Channels: WhatsApp, phone call, email.

5.3 Website Improvement & Analytics

  • Analyzing usage patterns
  • Identifying technical issues
  • Enhancing user experience
  • Understanding relevant content/services

5.4 Legal Compliance & Record Keeping

  • Maintaining records for legal/regulatory compliance
  • Responding to Saudi authorities (SCFHS, MOH, SDAIA)
  • Defending against legal claims
  • Complying with court orders or governmental requirements
  • Preventing fraud or illegal activity

5.5 Website Security & Operations

  • Detecting and preventing unauthorized access
  • Protecting against cybersecurity threats
  • Ensuring website availability and functionality

5.6 Limited Use for Service Improvement

  • Identifying trends in appointment requests
  • Evaluating service demand and resource allocation
  • Aggregated, anonymized insights
Prohibition on Secondary Uses: We will not use your personal data for marketing or promotional activities without obtaining your explicit consent.

6. Legal Basis for Processing

6.1 Consent

When you submit the Contact Us form, you provide explicit consent for us to process your contact details for the purpose of responding to your inquiry and scheduling an appointment.

  • Withdrawal: You may withdraw consent at any time by contacting us (Section 11.8)
  • Effect: We will cease processing; however, necessary retained data may remain for appointment fulfillment

6.2 Contractual Necessity

We process your contact information as necessary to schedule and communicate regarding the appointment request.

6.3 Legitimate Interest

  • Website security and operations
  • Service improvement and user experience
  • Legal compliance and regulatory responses

6.4 Legal Obligation

We may process personal data when required by Saudi authorities, courts, or law enforcement.

6.5 Special Basis for Health Information

  • Explicit Consent
  • Medical Necessity (for consultation you request)
  • Legal Obligation (if required by healthcare regulations/authorities)

7. Data Sharing & Disclosure

7.1 Third-Party Service Providers

Webflow (Website Hosting & Form Processing)

DetailInformation
RoleData Processor (Hosting, form submissions)
LocationUnited States
Data SharedContact form data (name, phone, email)
PurposeWebsite hosting, form submission processing
SafeguardsDPA, SCCs, TLS/SSL encryption
Data RetentionPer Webflow’s standard retention policies
Linkwww.webflow.com/privacy

Google Analytics (Upon Implementation)

DetailInformation
RoleData Processor (Analytics)
LocationUnited States
Data SharedAnonymized user behavior, device info, page views
PurposeWebsite usage analytics and performance improvement
SafeguardsDPA, anonymization, IP masking
Consent RequiredYes – cookie consent banner before tracking
Linkwww.google.com/policies/privacy/

WhatsApp/Meta (Communication)

DetailInformation
RoleData Processor (Communication)
LocationUnited States
Data SharedPhone number, name, message content, metadata
PurposeBusiness messaging and appointment communication
SafeguardsEnd-to-end encryption, Meta safeguards
Linkwww.whatsapp.com/legal/privacy-policy

7.2 Legal Disclosures

  • Saudi authorities (SDAIA, SCFHS, MOH) during lawful investigations
  • Court orders or subpoenas from Saudi courts
  • Law enforcement agencies for public safety or crime investigations
  • Mandatory legal requirements or regulatory directives
  • Protection of rights (fraud prevention, enforcing Terms of Use)

7.3 No Sale of Personal Data

We do not sell, rent, lease, or transfer personal data to third parties for commercial purposes.

7.4 Aggregated & Anonymized Data

We may share aggregated/anonymized data for research, analytics, service improvement, and insights.

7.5 Disclosure Upon Merger or Acquisition

If a merger/acquisition occurs, personal data may be transferred subject to this Privacy Policy or an updated policy.

8. International Data Transfers

8.1 Cross-Border Transfer Overview

Our Website hosting provider (Webflow) stores data on servers located in the United States. Submissions may be transmitted to and processed in the USA.

8.2 Safeguards

  • Data Processing Addendum (DPA)
  • Standard Contractual Clauses (SCCs)
  • TLS/SSL encryption in transit and at rest
  • Access controls and audits
  • Purpose limitation and necessity principle

8.3 Your Acknowledgment

By using the Website and submitting the contact form, you acknowledge the cross-border transfer to USA-based servers subject to safeguards described in this Policy.

8.4 No Independent Transfer by Dr. Salah Kary

Dr. Salah Kary does not independently transfer personal data outside Saudi Arabia. Transfers are handled by Webflow as a processor.

8.5 Restricted Transfers

  • Required by law or court order
  • Explicit consent from you
  • Adequacy decision / appropriate safeguard in place
  • Necessary for medical emergency (as permitted)

9. Data Security & Protection

We implement technical, organizational, and administrative measures to protect personal data from unauthorized access, alteration, disclosure, and destruction.

9.1 Technical Measures

  • Encryption in Transit: TLS/SSL, HTTPS for all forms
  • Encryption at Rest: database encryption, key management
  • Firewall Protection: intrusion detection, DDoS protection
  • Access Controls: RBAC, MFA where applicable

9.2 Organizational Measures

  • Data minimization
  • Need-to-know access restrictions
  • Confidentiality agreements
  • Vendor management and audits

9.3 Administrative Measures

  • Staff training
  • Incident response procedures
  • Backups & disaster recovery
  • Security policies and annual reviews

9.4 Webflow Security Standards

  • ISO 27001 certification
  • SOC 2 Type II compliance
  • Regular penetration testing
  • 24/7 security monitoring

More info: www.webflow.com/security

9.5 Limitation

No system is 100% secure. Internet transmission has inherent risks. Please protect your device and do not share your information with unauthorized parties.

9.6 Data Breach Notification

  • 72-hour notification: We notify affected individuals and SDAIA within 72 hours of discovery (PDPL Article 36).
  • Breaches involving sensitive health data may require immediate notification.

10. Data Retention

10.1 Retention Principles

  • Necessity
  • Proportionality
  • Regular review and deletion
  • Security during retention

10.2 Retention Periods – Contact Form Submissions

Scenario Retention Period Basis
Appointment Booked3 years from last contactMedical communication records; MOH guideline alignment
Appointment Not Booked1 year from inquiry dateFulfillment of inquiry purpose
Withdrawn Request30 daysConfirmation of withdrawal
Legal/Regulatory HoldAs requiredCourt order / investigation

Automatically Collected Data

Data Type Retention Notes
IP Addresses & Device Info90 daysServer logs and technical records
Website Analytics (Google)Per Google settingsTypically 26 months (customizable)
CookiesUntil expiry/deletionSession cookies end on browser close
WhatsApp MessagesPer necessityMinimum 1 year; deleted upon request

10.3 Deletion Procedures

  • Cryptographic erasure
  • Data shredding
  • Physical destruction (for physical records)

10.5 Right to Erasure

You may request deletion before expiry unless retention is legally required.

11. Your Data Rights & Choices Under PDPL

11.1 Right to Access

  • Request a copy of personal data held
  • Understand purposes, recipients, retention
  • Response timeline: 30 days (extendable)

11.2 Right to Rectification

  • Correct name, phone, email
  • Response timeline: 30 days

11.3 Right to Erasure

  • Request deletion under specific grounds
  • Exceptions apply for legal obligations/claims

11.4 Right to Restrict Processing

  • Store data but pause active processing during disputes

11.5 Right to Data Portability

  • Receive data in CSV / PDF / JSON (on request)

11.6 Right to Object

  • Object to certain processing (e.g., marketing/profiling)

11.7 Right to Withdraw Consent

  • Withdraw consent for future processing

11.8 How to Exercise Your Rights

MethodDetails
Emailinfo@salahkary.com (Subject: specify request type)
WhatsApp+966 53 399 4880 (Include “Data Rights Request”)
Mailing AddressDr. Salah Kary, Saudi Arabia, Jeddah123
Phone+966 53 399 4880 (Mon–Fri, 9:00 AM–5:00 PM Jeddah Time)

11.9 Right to Lodge a Complaint with SDAIA

DetailInformation
OrganizationSaudi Data & AI Authority (SDAIA)
Websitewww.sdaia.gov.sa
AddressRiyadh, Saudi Arabia
JurisdictionSaudi Arabia (PDPL violations)

12. Cookies & Tracking Technologies

12.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They contain information about browsing activity and are sent back to the server on subsequent visits.

12.2 Cookies Used on Our Website

Essential/Strictly Necessary Cookies (Always Active):

Cookie Provider Purpose Duration
Session IDWebflowWebsite functionality and form processingSession
Security TokensWebflowPrevent unauthorized access and CSRF attacksSession
Language PreferenceWebflowRemember language selection1 year
User Session DataWebflowMaintain session stateSession

Performance/Analytics Cookies (Requires Consent):

Cookie Provider Purpose Duration
_gaGoogle AnalyticsTrack unique users and sessions2 years
_gidGoogle AnalyticsIdentify sessions24 hours
_gatGoogle AnalyticsThrottle request rate1 minute
AMP_TOKENGoogle AnalyticsRetrieve Client ID1 year
Google Analytics IDGoogle AnalyticsUser identification across visits2 years

12.4 Cookie Consent Mechanism

OptionEffect
Accept AllStrictly necessary + analytics + third-party cookies activated
Reject Non-EssentialOnly strictly necessary cookies
Manage PreferencesGranular selection of cookie categories

12.5 Managing Cookies

  • Chrome → Settings → Privacy & Security → Cookies
  • Firefox → Preferences → Privacy & Security
  • Safari → Preferences → Privacy
  • Edge → Settings → Cookies and site permissions

12.8 Do Not Track

We do not respond to DNT signals. You can disable tracking via the consent banner or browser settings.

13. Health Information & Sensitive Data

13.1 Classification

Health information is classified as sensitive personal data under PDPL Articles 23 and 26.

13.2 Our Policy

  • We do NOT routinely collect comprehensive health information through the website.
  • If you voluntarily provide health information, it is treated as sensitive data with enhanced protections.

13.5 No Online Diagnosis

  • ❌ Online medical diagnosis
  • ❌ Remote treatment
  • ❌ Prescription services

All medical decisions require an in-person consultation.

14. Children’s Privacy

  • Not directed to children under 13
  • No intentional collection from minors without parental consent
  • Minors 13–18 only with parental knowledge and consent

15. Third-Party Links

  • We may link to third-party websites (MOH, SCFHS, hospitals, resources)
  • We do not control third-party privacy practices
  • Please review their policies before sharing data

16. Changes to This Privacy Policy

  • We may update this policy as laws or practices change
  • Minor updates may occur without notice
  • Material changes may be notified by email, banner, or WhatsApp

17. Privacy Contact & Data Protection Officer

Primary Privacy Contact: Dr. Salah Kary

18. Webflow Data Processing Details

  • Webflow acts as a data processor on behalf of Dr. Salah Kary (Controller)
  • DPA governs the relationship and protections
  • Webflow maintains security standards such as ISO 27001 and SOC 2 Type II
  • Subprocessors may be used; Webflow maintains a list on their privacy page

19. Contact Information for Privacy Matters

19.1 Contact Methods

MethodDetailsBest For
Emailinfo@salahkary.comAll privacy requests
WhatsApp+966 53 399 4880Urgent inquiries
Phone+966 53 399 4880Verbal discussion
Mailing AddressSaudi Arabia, Jeddah123Formal requests

19.2 Response Timeline Expectations

Request TypeResponse TimeNotes
General Inquiries2–5 business daysAcknowledgment + response
Data Subject Rights30 daysMay extend by 30 days
Urgent/Critical24 hoursSecurity breach / urgent complaint
Complex Requests60 daysExtensive review required

20. Governing Law & Jurisdiction

  • Governing law: Saudi PDPL and Law of Practicing Healthcare Professions
  • Jurisdiction: Courts of Jeddah, Kingdom of Saudi Arabia
  • Dispute resolution: negotiation → escalation → optional SDAIA complaint → litigation

21. Final Acknowledgment

  • ✓ You have read and understood this Privacy Policy
  • ✓ You agree to be bound by its terms
  • ✓ You understand how data is collected, used, and protected
  • ✓ You understand your PDPL rights and how to exercise them
  • ✓ You consent to processing and cross-border transfer where applicable
For the most current version: Please visit drsalahkary.com/privacy

Version History

VersionEffective DateChanges
1.0January 23, 2026Initial Privacy Policy for drsalahkary.com

Thank you for your trust in Dr. Salah Kary's practice. Your privacy is our priority.

Last Updated: January 23, 2026 • This Privacy Policy remains in effect unless modified.